Описание
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-285
Связанные уязвимости
CVSS3: 5.3
github
2 месяца назад
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary products.
EPSS
Процентиль: 26%
0.00091
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-285